U.S. banks are on heightened cyber alert as the war with Iran escalates, with intelligence officials warning of possible low-level attacks on financial networks.
 |
| Industry leaders, intelligence agencies and ratings firms say cyber risks to U.S. financial institutions are rising as geopolitical tensions with Iran intensify. Image: CH |
Fintech Desk — March 4, 2026:
The U.S. financial services industry has moved to heightened alert for cyberattacks as the war with Iran intensifies, with executives and analysts warning that geopolitical conflict often brings a parallel surge in digital threats.
Tensions escalated sharply after the killing of Iranian Supreme Leader Ali Khamenei in an air strike last weekend, an event that has roiled global markets and heightened fears of retaliation beyond the battlefield — including in cyberspace.
Banks, exchanges and clearing houses form part of the backbone of U.S. critical infrastructure, operating payments systems, Treasury markets and trading platforms that are essential to global finance. That centrality makes them high-value targets during periods of geopolitical instability.
“The industry remains vigilant and ready to respond to cyber threats at all times, and especially when global cybersecurity risks are heightened,” said Todd Klessman, managing director for financial services cyber and technology at SIFMA, which conducts annual simulations to test whether firms can withstand major cyber emergencies.
Klessman said firms are closely monitoring developments with a focus on operational resilience — the ability to continue functioning even under sustained attack.
According to a U.S. intelligence assessment reported earlier this week, Iran-aligned “hacktivists” could mount low-level cyberattacks against American networks. These could include distributed denial-of-service (DDoS) attacks, in which malicious actors flood servers with traffic to disrupt online services.
While such attacks typically do not cause systemic damage, they can temporarily disable customer-facing platforms, online banking portals or trading interfaces, creating volatility and undermining confidence.
A senior banking industry official said lenders view cyber risks as “likely,” reflecting concern that digital retaliation could be one of the more accessible tools available to Iranian-linked actors.
Credit rating agency Morningstar DBRS warned that the most significant risks to global banks may be indirect — including sustained higher oil prices and economic shocks affecting borrowers. But it also cautioned that cyber risks could increase if Iran expands digital operations against Western entities.
U.S. investment bank Lazard’s geopolitical advisory team similarly flagged cyber threats, noting that Iran has previously demonstrated a willingness to deploy cyber capabilities against commercial targets, including financial systems.
Industry data suggest such concerns are not theoretical. A 2025 report by the Financial Services Information Sharing and Analysis Center found that financial services were the top target of DDoS attacks in 2024. The wars in Gaza and Ukraine fueled a surge in hacktivist activity, the report said, as politically motivated groups targeted Western institutions.
Although the U.S. financial system has not experienced a recent large-scale disruption from a hostile state-linked cyberattack, smaller incidents have caused localized turmoil. In 2023, a ransomware attack on the U.S. broker-dealer unit of the Industrial and Commercial Bank of China disrupted settlement of some U.S. Treasury trades, underscoring how even limited breaches can ripple through critical markets.
The financial sector has invested billions in cybersecurity over the past decade, bolstering defenses, sharing threat intelligence and conducting stress tests. Industrywide exercises organized by SIFMA and FS-ISAC aim to ensure institutions can continue clearing trades and processing payments even if systems are degraded.
Still, the current environment presents a complex threat landscape. Unlike conventional warfare, cyber operations can be launched remotely, deniably and at relatively low cost. That asymmetry makes them an attractive tool for retaliation.
For U.S. banks, the immediate challenge is not just preventing attacks, but maintaining confidence. Even short-lived disruptions can amplify market volatility during already fragile geopolitical conditions.
As the conflict unfolds, cybersecurity — often an invisible line of defense — may prove as critical to financial stability as any policy response from Washington.